#8747 getfedora.org sometimes hits CORS when fetching from builds.coreos.fedoraproject.org
Closed: Fixed 4 years ago by jlebon. Opened 4 years ago by jlebon.

Describe what you would like us to do:

I've hit this before and so have some users. When trying to load https://getfedora.org/coreos/download/, Firefox is unable to load the stream metadata because of CORS:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
          https://builds.coreos.fedoraproject.org/streams/stable.json. (Reason: CORS request did not succeed).

builds.coreos.fp.org is a CloudFront endpoint for the fcos-builds bucket. The bucket itself has a permissive CORS rule:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

So I'm thinking it might be something missing in the CloudFront configuration. And indeed it does have some "caching" behaviours to it; it mostly shows up after updating that JSON file during releases, and it eventually goes away (something like CloudFront not passing through CORS headers on the first cache miss maybe?).

When do you need this to be done by? (YYYY/MM/DD)

Not urgent, but prevents some users from reaching the Fedora CoreOS download page.


Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

4 years ago

Metadata Update from @smooge:
- Issue tagged with: aws

4 years ago

I found this: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-cors

and set the cloudfront settins as suggested.

Do you have any way to test? Or should we close this and re-open if it happens again?

Thanks for looking into this!

Do you have any way to test? Or should we close this and re-open if it happens again?

I think we can close it and see if it happens again on the next FCOS release.

Metadata Update from @jlebon:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Login to comment on this ticket.

Metadata